Bounced emails are not scanned for viruses.

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Thu Mar 18 09:23:29 GMT 2004 

Magda

what version of MS are you running? I think there was a permant fix made
around the 4.28-1 beta version - there where patches posted that for
4.24.5 and 4.25.x that caught a problem with mime-type issues on
returned email (which is how you might have got infected in the first
place).

Also make sure that you are scanning all outbound email for viruses as
well, check the config and rules.

Also make sure the Lotus notes machine os relaying through the MS box
and not sending directly.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Magda Hewryk wrote:
> Hi,
> For some reason all Delivery Failure Reports sent from the Lotus Notes-Mail
> Router account have a infected message.  Basically the messages is not
> disinfected.
>
> Our mail gateway machines scan correctly all emails but the one sent to the
> unknown user are bounced back not scanned.  Because the sender's address is
> spoofed  the infected bounced emails are timed out and are sent to the
> postmaster.  The Postmaster is aliased to real Lotus Notes addresses and in
> the result Notes mail accounts got infected.
>
> 1. Email is received on the mail gateway
> 2. Email is detected as not valid <Unknown user> and is not disinfected by
> MailScanner.
> 3. The Mail Gateway is trying to send it back to the original sender -
> without disinfection first.
> 4. Email is bounced back and timed out because cannot reach the spoof
> address of the sender
> 4. The bounced mail is sent to the Postmaster on the Mail Gateway
> 5. The postmaster is re-directed to the Lotus Notes Account and the
> disinfected email ends up in mail boxes as a Delivery Failure Report.
>
>
> The bottom line:
> Mailscanner on our Mail Servers is not scanning emails which are sent to
> <Unknown User>.

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

More information about the MailScanner mailing list